Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web [View all]

Source: Wired

-snip-

Since Sears is still a trusted name but largely out of the public eye, security researcher Jeremiah Fowler was surprised and alarmed last month when he found three publicly exposed databases containing massive troves of chat logs, audio files, and text transcriptions of audio that contained personal details about Sears Home Services customers. The Home Services division claims to be the US’s “largest appliance repair service provider” and reports that it performs more than seven million repairs each year.

The exposed Sears databases uncovered by Fowler, which have since been secured, contained 3.7 million chat logs, plus 1.4 million audio files and plain text transcripts from 2024 to this year. Fowler found that one CSV file about the incident contained 54,359 complete chat logs. Conversations Fowler saw included the chatbot introducing itself as “Samantha, an AI virtual voice agent for Sears Home Services,” with the logs also including the name of the company’s AI technology “kAIros.” The cache of data contained chats in both English and Spanish and included personal information about Sears customers, such as names, phone numbers, home addresses, appliances owned, and information on delivery appointments and repairs.

“The thing to remember is that it is real data of real people,” says Fowler, a researcher with Black Hills Information Security. While companies may be able to save money deploying AI, he emphasizes that it is crucial they “don't take any shortcuts when it comes to protecting that data, securing that data. At the bare minimum, these files should have been password protected and encrypted.”

-snip-

The second shock came from the fact that a surprising number of the audio calls captured hours of ambient audio after customers apparently thought a call had ended. Some of the recordings were up to four hours long. It is unclear why customers left the calls running once they were done speaking to the Sears AI agent, but these extended recording sessions may have captured private conversations and sensitive details that Sears customers thought they were discussing privately as they went about their days. “You could hear the TV playing, you could hear people having conversations, and this recorded all of it,” Fowler says.

-snip-


Read more: https://www.wired.com/story/sears-exposed-ai-chatbot-phone-calls-and-text-chats-to-anyone-on-the-web/